Risk and Opportunity Register - Master Sheet 


No. Dateraised RiskID Opportunity/risk description (opportunities Type Theme Current Current Current Direction Proximity Strategic Target Target Target 
Number shaded in blue) Probability Impact Overall Probability Impact Overall 
priority Priority 
1 26/01/18 R1 The way we exit the European Union, and the External Legal 4 Same <> Medium Corporate 
accompanying uncertainty, impacts on our term 
ability to deliver functions, including significant 
impact on ICO services supporting businesses. 
In particular in relation to the status of 
transfers, legal cooperation and the ICO's role 
in EDPB. 
2 30/06/17 R2 As a growing regulator and public service Internal People 3 Same <> Medium Corporate 
provider we fail to build a service culture, with term 
staff engaged in delivering reliable and 
responsive services which relate to the needs 
of our varied customers and stakeholders. 
3 30/04/19 R73 Asa rapidly expanding organisation we fail to Internal Legal 4 Same <> Medium Corporate 
introduce the necessary infrastructure and term 
culture to ensure appropriate compliance with 
all relevant legal and other obligations 
expected of a modern regulator 
4 27/09/18 R10 Failure to deliver statutory codes of practice External Policy 3 Same <> Medium Corporate 
within the prescribed timeframes and in a way term 
that delivers the outcomes we desire as a 
regulator 
5 13/04/18 R11 ICO fails to deal with issues arising from Internal/ Reputation 3 Same <> Short term Corporate 
Operation Cederberg in a timely and effective External 
way; in particular in relation to the public 
challenge to ICO regulatory decisions. 
6 22/09/18 R26 Opportunity to identify new technologies to Internal IT 3 Same <> Medium Corporate 
improve productivity term 
7 30/07/18 R46 ~— Our financial forecasts are inaccurate and we Internal Finances 4 Same <> Medium Corporate 
underachieve our income targets or overspend term 
on costs budgets 
8 19/02/19 R71 The ICO does not successfully inform the External Policy 3 Same <> Medium Corporate 


future regulation of online harms which 
undermines its role as the UK's information 
rights regulator. 
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Opportunity/risk description (opportunities 
shaded in blue) 


ICO fails to maintain and develop strategic 
international relationships which impact on UK 
global data protection and privacy concerns’ — 
this covers EU and US relationships as well as 
other international relationships which are 
needed to UK public’s interests are protected 


ICO is not a relevant, tech savvy regulator. 


ICO fails to meet expectations when dealing 
with its regulatory action priorities in a timely 
and effective way; and hence does not meet 
the wide range of expectations of 
stakeholders. 


Management Board and Executive Team 
capacity and resilience may not be sufficient to 
retain clarity of leadership and direction during 
a critical period of change to the regulatory 
landscape resulting in delay to the 
achievement of the IRSP goals and operational, 
regulatory and organisational priorities 


ICO fails to have the organisational capacity to 
respond to current demand for our public 
services 


The impact of unpredictable and/or significant 
litigation costs on financial forecasts and 
budgets 
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